Security Researcher Found Critical Kindle Vulnerabilities That Allowed Hijacking Amazon Accounts

Monday December 15, 2025. 03:01 PM , from Slashdot
The Black Hat Europe hacker conference in London included a session titled 'Don't Judge an Audiobook by Its Cover' about two critical (and now fixed) flaws in Amazon's Kindle. The Times reports both flaws were discovered by engineering analyst Valentino Ricotta (from the cybersecurity research division of Thales), who was awarded a 'bug bounty' of $20,000 (£15,000).

He said: 'What especially struck me with this device, that's been sitting on my bedside table for years, is that it's connected to the internet. It's constantly running because the battery lasts a long time and it has access to my Amazon account. It can even pay for books from the store with my credit card in a single click. Once an attacker gets a foothold inside a Kindle, it could access personal data, your credit card information, pivot to your local network or even to other devices that are registered with your Amazon account.'

Ricotta discovered flaws in the Kindle software that scans and extracts information from audiobooks... He also identified a vulnerability in the onscreen keyboard. Through both of these, he tricked the Kindle into loading malicious code, which enabled him to take the user's Amazon session cookies — tokens that give access to the account. Ricotta said that people could be exposed to this type of hack if they 'side-load' books on to the Kindle through non-Amazon stores.

Ricotta donated his bug bounties to charity...

Read more of this story at Slashdot.
https://it.slashdot.org/story/25/12/15/0833242/security-researcher-found-critical-kindle-vulnerabili...
